CVE-2022-50940 - Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter
CVE ID : CVE-2022-50940
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50940
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50941 - BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout
CVE ID : CVE-2022-50941
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50941
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50942 - Inciga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
CVE ID : CVE-2022-50942
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50942
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50950 - Webile 1.0.1 Directory Traversal Vulnerability via Web Application
CVE ID : CVE-2022-50950
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50950
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50951 - WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation
CVE ID : CVE-2022-50951
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50951
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50952 - Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input
CVE ID : CVE-2022-50952
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50952
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-54343 - QWE DL 2.0.1 Persistent XSS Vulnerability via Path Parameter
CVE ID : CVE-2023-54343
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-54343
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37037 - AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
CVE ID : CVE-2020-37037
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37037
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37045 - NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path
CVE ID : CVE-2020-37045
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37045
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37047 - Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path
CVE ID : CVE-2020-37047
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37047
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37048 - Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
CVE ID : CVE-2020-37048
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37048
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37055 - SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
CVE ID : CVE-2020-37055
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37055
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37061 - BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
CVE ID : CVE-2020-37061
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37061
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37062 - DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path
CVE ID : CVE-2020-37062
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37062
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37063 - TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
CVE ID : CVE-2020-37063
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37063
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37064 - EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
CVE ID : CVE-2020-37064
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37064
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1733 - Zhong Bang CRMEB :uni tidyOrder improper authorization
CVE ID : CVE-2026-1733
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1733
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25253 - OpenClaw WebSocket Token Disclosure Vulnerability
CVE ID : CVE-2026-25253
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25253
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1734 - Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization
CVE ID : CVE-2026-1734
Published : Feb. 2, 2026, 12:15 a.m. | 2 hours, 21 minutes ago
Description : A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1734
Published : Feb. 2, 2026, 12:15 a.m. | 2 hours, 21 minutes ago
Description : A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1735 - Yealink MeetingBar A30 Diagnostic command injection
CVE ID : CVE-2026-1735
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1735
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1736 - Open5GS SGWC s11-handler.c assertion
CVE ID : CVE-2026-1736
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1736
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...